The health-care market is a demand-driven segment of our economy, and the demand today and in the foreseeable future is exceedingly high. The math is pretty simple considering our aging population, including yours truly, and the improvement of quality of life as a result of great health-care professionals. Higher demand means more patients to protect.
This means a growth opportunity for your systems integration business, if you identify this market’s real drivers. The first step is to understand your health-care customers’ businesses from their perspective.
4 Changes Impact Security Directors
The health-care security professional is in a more exacting position than ever before. Don’t just take my word for it, take it from Security Risk Management Consultants (Columbus, Ohio) CEO Elliot Boxerbaum, CPP, CSC, and Chuck Smith, former corporate security director of protective services at Ohio Health. Boxerbaum is a former security director for Riverside Methodist Hospital in Columbus, while Smith has spent more than 30 years in health-care security.
I queried these experienced pros for market perspective and what systems integrators must know to satisfy the health-care community. They explained the health-care industry was changing in four main ways:
- The advancement of security technology tools and systems. Health-care administrators have elevated their expectations of improved security for associates and patients alike. Technology is seen as a way to leverage improved security performance while lowering operating costs.
- This translates at the security director level to do “more with less” from their management teams. Many times the “less” means fewer full-time employees who drive operating costs upward.
- The reporting structure for security directors is also changing in a positive way. A trend of reporting higher in the health-care organization as the business value of risk mitigation and protecting their brand is acknowledged by senior management.
- Security directors need stronger analytical skillsets to effectively communicate business risks as well as options to senior management. A competent systems integrator can be a real asset in this area.
4 Ways for Integrators to Meet Needs
In the past, having a law enforcement background was the key criteria to run an effective health-care protection program. Today, the health-care security professional must rely on partners that bring a solid business rationale with their security solutions. So how does that impact a growth-orientated systems integrator?
There are four ways this trend may impact your business strategies, design capabilities and selling skills:
- It’s a given that you need to clearly understand how your solutions can help a security director do “more with less” from a business and security perspective.
- Clearly understand how their security and business operation works today and what is expected in the future by all of the key stakeholders; management, nurses, doctors, IT, patients, and shareholders.
- How does IT infrastructure and management support the health-care business model today, as well as the future? You must be able to complement, not complicate, how the IT infrastructure adds value to the customer.
- You also need to be able to build and sustain new communication “bridges” between the key stakeholders at the health-care organization.
Dealing With Regulatory Demands
Those areas are controllable by how you might choose to do business in the health-care market. However, there are some things you may not be able to control.
Federal, state and local mandated compliance requirements come to mind. If you intend to grow with the health-care market, plan to stay current with these regulations. You must understand the letter of the law, but more importantly how that translates into operational costs for your health-care customer. An example would be the term PHI (Protected Healthcare Information), which is defined by the HIPAA law of 1996 as … “any information, whether oral or recorded in any form or medium that … a) is created or received by a healthcare provider, health plan, public health authority, employer, life insurer, school or university, or healthcare clearing house … ”
I think you get the point on how regulations might impact a broad range of your customers. California requires routine risk and vulnerability assessments of facilities to protect PHI and ePHI formats. In March of this year, the U.S. Department of Health and Human Services announced a $1.5 million settlement with a health-care provider for not protecting the proper disposal of old computer hard drives. A collaboration of IT and security departments could have avoided this settlement.
You may be wondering, “What could be worse?” How about the responsibility to notify all of your customers their protected health-care information has been compromised, not by an outside hacker, but by their own internal lack of checks and balances? Imagine the impact that would have on their brand and shareholder value. It’s important to help a health-care security professional stay out in front of all these issues.
Selling and Satisfying Stakeholders
Consider introducing at a tradeshow or via a product demo an exciting new technology that promises at face value to make their lives easier. The security director gets excited and asks for a proposal, which you are happy to supply. The security director budgets around your estimate, and it gets approved! It’s off to the races, right? It is if you were careful enough to cover all the bases, costs, contingencies and implementation processes. You included IT in the preliminary planning before offering that proposal, right?